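<?php
/*
 * Upload endpoint.
 *
 * Identity is resolved in this order (unchanged from the original):
 *   1. $_SESSION["ceo"]  -> manager = $_SESSION["manager"]
 *   2. $_SESSION["user"] -> manager = $_SESSION["managername"]
 *   3. otherwise $_REQUEST["username"] + $_REQUEST["managerid"]; the manager
 *      name is looked up in DB_MANAGER_TAB and nothing else is verified.
 *
 * Request parameters: md5 and name (required; name is only checked for
 * presence, the stored name is the uploaded file's own name), tmp, encrypt
 * and time (optional), and the file itself in $_FILES["upfile"].
 *
 * Responses written to the body: "error", "uploadfileok",
 * "uploadfileokexist", or one of the ECHO_MYSQL_ERROR_* strings from
 * connectsql.php. Top-level `return` ends the script as before (this file
 * may be included by another).
 *
 * Security changes relative to the original:
 *   - every client-controlled value is escaped before it is placed in SQL
 *     (each of them sits inside '...' in the queries below);
 *   - the stored file name is reduced to its basename and rejected when empty,
 *     "." / ".." or containing a NUL byte, so it cannot escape $path;
 *   - the md5 comparison is strict ("0e..." hex strings compare equal with ==);
 *   - a failed move_uploaded_file() now reports "error" instead of "uploadfileok";
 *   - array-valued request parameters are rejected instead of being stringified.
 *
 * NOTE(review): the endpoint accepts any file extension. If upload/ is served
 * by the web server, uploading a .php file is remote code execution. Keep the
 * directory outside the document root (or disable script execution there) or
 * add an extension allowlist — the legitimate types are not visible from this
 * file, so none is imposed here.
 * NOTE(review): $_REQUEST also merges cookies; $_POST would be the tighter
 * source, but clients may send these as query parameters, so it is kept.
 */
session_start();
include "connectsql.php";

/**
 * Import an uploaded "loga.txt" device log into the per-user log table and
 * queue one "cmd:dellog" command for the device (not while one is still unread).
 *
 * Record format, as parsed by the original code: records separated by ";",
 * fields separated by ",,": time,,type,,name. A record lacking one of the two
 * ",," separators ends the import. If the first record is already present
 * (same time and type) the whole batch is treated as a duplicate and skipped;
 * the dellog command is queued either way.
 *
 * @param mysqli $link     open connection
 * @param string $manager  manager name (selects the tables via SetDB_*)
 * @param string $username device user: part of the log table name, and a value
 *                         in the command table
 * @param string $log      raw file contents
 */
function uploadfile_import_log($link, $manager, $username, $log)
{
	$escUser = mysqli_real_escape_string($link, (string) $username);

	// NOTE(review): SetDB_LOG_TAB() receives $username raw because it builds a
	// table name, and escaping does not apply to identifiers. SetDB_LOG_TAB must
	// validate it (e.g. allow only [A-Za-z0-9_]) — confirm in connectsql.php.
	$logTable = SetDB_LOG_TAB($manager, $username);
	$cmdTable = SetDB_CMD_TAB($manager);

	$first = true;
	foreach (explode(";", $log) as $record) {
		if ($record === "") {
			continue;   // strtok() skipped empty tokens; keep that behaviour
		}
		// `=== false`: the original used `== false`, which also stopped on a
		// separator at offset 0.
		$sep = strpos($record, ",,");
		if ($sep === false) {
			break;
		}
		$time = substr($record, 0, $sep);
		$rest = substr($record, $sep + 2);

		$sep = strpos($rest, ",,");
		if ($sep === false) {
			break;
		}
		$type = substr($rest, 0, $sep);
		$name = substr($rest, $sep + 2);

		$escTime = mysqli_real_escape_string($link, $time);
		$escType = mysqli_real_escape_string($link, $type);
		$escName = mysqli_real_escape_string($link, $name);

		if ($first) {
			$first = false;
			$sql = "select * from ".$logTable." where `time` = '".$escTime."' and `type` = '".$escType."'";
			$query = mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
			if (mysqli_num_rows($query) != 0) {
				break;   // batch already imported
			}
		}
		$sql = "insert into ".$logTable." (`time`,`type`,`name`) values ('".$escTime."','".$escType."','".$escName."')";
		mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);
	}

	$cmd = "cmd:dellog";
	$explain = "开机整理上传日志";
	$state = CMD_TYPE_NO_READ;

	// Do not queue a second dellog while one is still unread.
	$sql = "select * from ".$cmdTable." where `username` = '".$escUser."' and `cmd` = '".$cmd."' and `state` = '".$state."'";
	$query = mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
	if (mysqli_num_rows($query) != 0) {
		return;
	}

	$now = date('Y-m-d_H:i:s');
	$sql = "insert into ".$cmdTable." (`date`,`username`,`cmd`,`explain`,`state`,`type`,`extrainfo`) values ('".$now."','".$escUser."','".$cmd."','".$explain."','".$state."','".FILE_TYPE_NONE."','')";
	mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);
}

// Every client value below is placed inside '...' in a query, so escaping is
// the right defence. Table names come only from the SetDB_* helpers.
$esc = function ($value) use ($link) {
	return mysqli_real_escape_string($link, (string) $value);
};

// Only the session-less path carries a username. Session users upload with
// "" here, which is what the original (undefined variable) amounted to.
// TODO(review): confirm whether session users are expected to supply
// `username` when uploading loga.txt — the log table name depends on it.
$username = "";

if (isset($_SESSION["ceo"]) && $_SESSION["ceo"] == true) {
	$manager = $_SESSION["manager"];
} elseif (isset($_SESSION["user"]) && $_SESSION["user"] == true) {
	$manager = $_SESSION["managername"];
} else {
	// Device path. NOTE(review): knowing a manager id is all it takes to
	// upload into that manager's folder; there is no secret or signature.
	if (!isset($_REQUEST["username"]) || !is_string($_REQUEST["username"]) || $_REQUEST["username"] == "") {
		die ("error");
	}
	if (!isset($_REQUEST["managerid"]) || !is_string($_REQUEST["managerid"]) || $_REQUEST["managerid"] == "") {
		die ("error");
	}
	$username = $_REQUEST["username"];

	$sql = "select * from ".DB_MANAGER_TAB." where `id` = '".$esc($_REQUEST["managerid"])."'";
	$query = mysqli_query($link, $sql) or die ("error");
	if (mysqli_num_rows($query) == 0) {
		die ("error");
	}
	$row = mysqli_fetch_assoc($query);
	$manager = $row["managername"];
}

// Per-manager upload folder. The name is derived from the manager name and the
// DB password; other parts of the application evidently share this derivation,
// so it is kept unchanged. The directory is not created here.
$path = "upload/".md5($manager.DB_PWD.$manager)."/";
?>

<form action='' enctype='multipart/form-data' method='post'>
上传文件：<input type='file' name="upfile"/><br>
<input type='submit' value='上传' />
</form>

<?php

if (!isset($_REQUEST['md5']) || !is_string($_REQUEST['md5']) || $_REQUEST['md5'] == "") {
	die ("error");
}
$md5 = $_REQUEST['md5'];

// 'name' must be present, but its value is never used: the stored name is
// taken from the uploaded file itself (below). Kept for protocol compatibility.
if (!isset($_REQUEST['name']) || $_REQUEST['name'] == "") {
	die ("error");
}

if (isset($_FILES["upfile"])) {
	$upfile = $_FILES["upfile"];
	// basename(): PHP already drops directory parts from the client-supplied
	// name, but this guarantees the file lands inside $path whatever is sent.
	$name = is_string($upfile["name"]) ? basename($upfile["name"]) : "";
	$size = (int) $upfile["size"];
	$tmp_name = $upfile["tmp_name"];
	$error = $upfile["error"];

	$badName = $name == "" || $name == "." || $name == ".." || strpos($name, "\0") !== false;
	if ($error != 0 || $badName) {
		echo "error";
	} else {
		$isXml = substr($name, -4) === ".xml";
		if ($isXml && substr($name, 0, 4) === "mode") {
			// modeNNN.xml: three digits right after the prefix. The original did
			// not require the name to end right after them; neither does this.
			if (!preg_match('/^mode[0-9]{3}/', $name)) {
				die ("error");
			}
			$id = (int) substr($name, 4, 3);
			$sql = "update ".SetDB_MODE_TAB($manager)." set `exist` = '1' where `id` = '".$id."'";
			mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);

			// The original ran this query and discarded the row; it is kept only
			// so that a missing playlist table still aborts with the same error.
			$sql = "select * from ".SetDB_PLAYLIST_TAB($manager);
			mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
		} elseif ($isXml && substr($name, 0, 8) === "playlist") {
			if (!preg_match('/^playlist[0-9]{3}/', $name)) {
				die ("error");
			}
			$id = (int) substr($name, 8, 3);
			$sql = "update ".SetDB_PLAYLIST_TAB($manager)." set `exist` = '1' where `id` = '".$id."'";
			mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
		}

		if (isset($_REQUEST['tmp'])) {
			$movetotmp = 1;
			$dest = $path."tmp/".$name;
		} else {
			$movetotmp = 0;
			if ($name == "loga.txt") {
				// Device log: imported into the DB, never stored on disk.
				$log = file_get_contents($tmp_name);
				if ($log !== false && $log !== "") {
					uploadfile_import_log($link, $manager, $username, $log);
				}
				return;
			}
			$dest = $path.$name;
		}
		// A failed move used to be ignored and still reported as success.
		if (!move_uploaded_file($tmp_name, $dest)) {
			die ("error");
		}

		$escName = $esc($name);
		$sql = "select * from ".SetDB_FILE_TAB($manager)." where `filename` = '".$escName."' and `extrainfo` = '".$movetotmp."'";
		$query = mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
		$num_rows = mysqli_num_rows($query);
		if ($num_rows != 0) {
			$row = mysqli_fetch_assoc($query);
			// Strict: with == two digests like "0e12..." and "0e34..." are both
			// numeric zero and would compare equal.
			if ((string) $row["md5"] === $md5) {
				echo "uploadfileokexist";
				return;
			}
		}

		$encrypt = "0";
		if (isset($_REQUEST['encrypt']) && is_string($_REQUEST['encrypt']) && $_REQUEST['encrypt'] != "") {
			$encrypt = $_REQUEST['encrypt'];
		}
		$videotime = "0";   // the column does not accept an empty value
		if (isset($_REQUEST['time']) && is_string($_REQUEST['time']) && $_REQUEST['time'] != "") {
			$videotime = $_REQUEST['time'];
		}
		$escEncrypt = $esc($encrypt);
		$escVideoTime = $esc($videotime);
		$escMd5 = $esc($md5);

		if ($num_rows != 0) {
			$sql = "update ".SetDB_FILE_TAB($manager)." set `size` = '".$size."', `encrypt` = '".$escEncrypt."', `time` = '".$escVideoTime."', `md5` = '".$escMd5."' where `filename` = '".$escName."' and `extrainfo` = '".$movetotmp."'";
			mysqli_query($link, $sql) or die(ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
		} else {
			$sql = "insert into ".SetDB_FILE_TAB($manager)." (`filename`,`size`,`md5`,`extrainfo`,`encrypt`, `time`) values ('".$escName."','".$size."','".$escMd5."','".$movetotmp."','".$escEncrypt."','".$escVideoTime."')";
			mysqli_query($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_INSERT);
		}

		echo "uploadfileok";
	}
}
mysqli_close($link);
?>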